Thread Local Region
This is the 0x200-byte thread local region. It's base address is loaded via ARM threadid register tpidrro_el0. TLR for multiple threads are stored in the same page, with the first TLR normally located at page+0x200, because the first TLR spot is reserved for usermode exception handling.
Structure
This is "nn::svc::ThreadLocalRegion".
| Offset | Size | Name | Description |
|---|---|---|---|
| 0x0 | 0x100 | MessageBuffer | IPC command buffer. |
| [8.0.0+] 0x100 | 0x2 | DisableCounter | If userland sets this to non-zero, kernel will pin the thread and disallow calls to almost all SVCs. |
| [8.0.0+] 0x102 | 0x2 | InterruptFlag | If a context switch would have occurred when user disable count was non-zero, kernel will set this to 1. This signifies that the user must call SynchronizePreemptionState to unpin itself and regain access other SVCs. |
| 0x104 | 0x4 | Reserved | |
| 0x108 | 0x78 | Reserved | |
| 0x180 | 0x50 | Tls | |
| 0x1D0 | 0x8 | LocalePtr | |
| 0x1D8 | 0x8 | ErrnoVal | |
| 0x1E0 | 0x8 | ThreadData | |
| 0x1E8 | 0x8 | EhGlobals | |
| 0x1F0 | 0x8 | ThreadPointer | |
| 0x1F8 | 0x8 | ThreadType | Pointer to thread type. |
Userland context
OsBootParamter
This is "nn::os::detail::g_OsBootParamter".
| Offset | Size | Name | Description |
|---|---|---|---|
| 0x00 | 0x04 | Main thread handle. | |
| 0x04 | 0x04 | Always 0. | |
| 0x08 | 0x30 | Empty. |
OsResourceManagerStorage
This is "nn::os::detail::g_OsResourceManagerStorage".
| Offset | Size | Name | Description |
|---|---|---|---|
| 0x00 | 0x04 | Always 0. | |
| 0x04 | 0x10 | Process PRNG. | |
| 0x14 | 0x04 | Padding. | |
| 0x18 | 0x08 | Always set to 0. | |
| 0x20 | 0x08 | AddressSpaceStart right shifted by 0x0C. | |
| 0x28 | 0x08 | AddressSpaceEnd (AddressSpaceStart + AddressSpaceSize) right shifted by 0x0C and aligned to AddressSpaceAlign. | |
| 0x30 | 0x08 | AddressSpaceAlign right shifted by 0x0C. | |
| 0x38 | 0x08 | Always 0. | |
| 0x40 | 0x08 | Always set to 0. | |
| 0x48 | 0x08 | MapRegionBased right shifted by 0x0C. | |
| 0x50 | 0x08 | MapRegionEnd (MapRegionBased + MapRegionSize) right shifted by 0x0C and aligned to MapRegionAlign. | |
| 0x58 | 0x08 | MapRegionAlign right shifted by 0x0C. | |
| 0x60 | 0x08 | Always 0. | |
| 0x68 | 0x08 | Always 0. | |
| 0x70 | 0x1D0 | Main thread type. | |
| 0x240 | 0x08 | Pointer to main thread type. | |
| 0x248 | 0x08 | Unknown. | |
| 0x250 | 0x08 | Unknown. | |
| 0x258 | 0x130 | Always empty? | |
| 0x388 | 0x08 | Pointer to resource manager storage + 0x388. | |
| 0x390 | 0x08 | Pointer to resource manager storage + 0x388. | |
| 0x398 | 0x08 | Always 0. | |
| 0x3A0 | 0x08 | Always 0. |
ThreadType
This is "nn::os::ThreadType".
| Offset | Size | Name | Description |
|---|---|---|---|
| 0x00 | 0x10 | AllThreadsListNode | |
| 0x10 | 0x10 | MultiWaitObjectList | |
| 0x20 | 0x20 | Reserved | |
| 0x40 | 0x01 | State | Thread status. |
| 0x41 | 0x01 | StackIsAliased | |
| 0x42 | 0x01 | AutoRegistered | |
| 0x43 | 0x01 | SuspendCount | |
| 0x44 | 0x02 | BasePriority | Thread priority minus 0x1C. |
| 0x46 | 0x02 | Version | |
| 0x48 | 0x08 | OriginalStack | Thread stack base address. |
| 0x50 | 0x08 | Stack | Thread stack base address mirror. |
| 0x58 | 0x08 | StackSize | Thread stack size. |
| 0x60 | 0x08 | Argument | |
| 0x68 | 0x08 | ThreadFunction | |
| 0x70 | 0x08 | CurrentFiber | |
| 0x78 | 0x08 | InitialFiber | |
| 0x80 | 0x100 | TlsValueArray | TLS slots. |
| 0x180 | 0x20 | ThreadNameBuffer | Thread name. |
| 0x1A0 | 0x08 | NamePointer | Thread name address. |
| 0x1A8 | 0x04 | CsThread | Critical Section Storage. |
| 0x1AC | 0x04 | CvThread | Conditional Variable Storage. |
| 0x1B0 | 0x04 | Handle | Thread handle. |
| 0x1B4 | 0x04 | LockHistory | |
| 0x1B8 | 0x08 | ThreadId |